MBot
Posted February 25, 2024 at 00:01

REFACT
- Refactored to use a new pattern matching engine (SigFinder) for shellcode detection. Improved performance.

FEATURE
- Added new parameter /pattern <file> allowing you to supply custom signatures to be searched in memory. The format is defined by SigFinder and described in the relevant README.
- If a pattern file was defined, a .tag file for the found patterns will be generated, with the extension .pattern.tag
- New fields in the scan_report.json:
  - Save the PE-sieve version with which the scan was performed (scanner_version)
  - In workingset_scan section: added patterns section with information about found patterns:
    - total_matched (count of all patterns matched, including the hardcoded ones)
    - custom_matched (count of patterns matched from the set defined by the user in pattern file)
- New fields in the dump_report.json:
  - If pattern.tag file was generated, the name of this file will be added in the pattern_tags_file field of the relevant module.

See also: HollowsHunter v0.3.9 with the latest PE-sieve
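As an added example (not part of the original post or of PE-sieve's own code), the following sketch shows how a responder could triage the new scan_report.json fields by separating hits from a custom /pattern file from hits on the hardcoded signatures. The field names scanner_version, workingset_scan, patterns, total_matched and custom_matched come from the release notes; the "scans" nesting, the "module" field and all sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample, not real PE-sieve output. The "scans" list and the
# "module" field are assumed; the other field names come from the release notes.
# The walker below finds workingset_scan at any depth, so the nesting may differ.
SAMPLE_REPORT = {
    "scanner_version": "0.0.0-placeholder",
    "scans": [
        {"workingset_scan": {"module": "1a0000", "patterns": {"total_matched": 3, "custom_matched": 1}}},
        {"workingset_scan": {"module": "2b0000", "patterns": {"total_matched": 2, "custom_matched": 0}}},
        {"workingset_scan": {"module": "3c0000"}},
    ],
}


def iter_workingset_scans(node):
    """Yield every workingset_scan object, wherever it is nested."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "workingset_scan" and isinstance(value, dict):
                yield value
            else:
                yield from iter_workingset_scans(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_workingset_scans(item)


def summarize_patterns(report):
    """Split pattern hits into custom (user pattern file) and hardcoded."""
    rows = []
    for ws in iter_workingset_scans(report):
        patterns = ws.get("patterns")
        if not isinstance(patterns, dict):
            continue  # region reported without a patterns section
        total = int(patterns.get("total_matched", 0))
        custom = int(patterns.get("custom_matched", 0))
        rows.append({
            "module": ws.get("module", "<unknown>"),
            "custom": custom,
            "hardcoded": max(total - custom, 0),  # total includes hardcoded ones
        })
    rows.sort(key=lambda r: (-r["custom"], -r["hardcoded"]))
    return {"scanner_version": report.get("scanner_version"), "regions": rows}


if __name__ == "__main__":
    print(json.dumps(summarize_patterns(SAMPLE_REPORT), indent=2))
```

Recording scanner_version next to the counts keeps results comparable across scans, since reports from versions before this release will not carry a patterns section.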